To apply package on solaris 11
1. Set up right publisher
# pkg publisher
2. View/refresh the packages to be updates
# pkg list -u
# pkg info -r entire
3. Apply new packages
# pkg update --no-be-activate --be-name aBE_01222018 --accept
6. Activate your BE and reboot the machine
# beadm activate aBE_01222018
# reboot
===================================
cp -p /etc/hosts /etc/hosts.`date '+BK_%m-%d-%Y'`
cp -p /etc/nsswitch.conf /etc/nsswitch.conf.`date '+BK_%m-%d-%Y'`
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.`date '+BK_%m-%d-%Y'`
cp /etc/mail/submit.cf /etc/mail/submit.cf.`date '+BK_%m-%d-%Y'`
df -h >/var/tmp/df.out.`date '+BK_%m-%d-%Y'`
zfs list >/var/tmp/myzfs.out.`date '+BK_%m-%d-%Y'`
zpool list> /var/tmp/zpool.list.`date '+BK_%m-%d-%Y'`
zpool status >/var/tmp/zpool.status.`date '+BK_%m-%d-%Y'`
cat /etc/lu/ICF.1>/var/tmp/ICF1.bk.`date '+BK_%m-%d-%Y'`
cat /etc/lu/ICF.2>/var/tmp/ICF2.bk.`date '+BK_%m-%d-%Y'`
cd /var/adm; rm pacct.* auditlog.0 auditlog.1
cd /var/tmp; rm -fr DCE* SPX* TCP* US* RAW* NMP* net* ISPX* VI* BEQ* DEC* ITCP*
cd /var/audit; /usr/local/bin/purge_audit.sh; cd /var/tmp
ipfilter set up
pass out quick on net0 to net2:192.168.10.1 from 192.168.10.74 to 172.26.255.0/24
pass out quick on net0 to net2:192.168.10.1 from 192.168.10.74 to 172.26.253.0/24
block in proto tcp/udp from any to any port = 23
block in proto tcp/udp from any to any port = 21
block out log quick all with opt lsrr
block out log quick all with opt ssrr
block in log quick all with opt lsrr
block in log quick all with opt ssrr
===================================
Oracle Solaris IPS REPOSITORY
-----------------------------
A. Creating local repo
Note: You can create your repo by using https://pkg.oracle.com/solaris/support
or
Set up your own local repo.
Download the packages and prepare your env.
a. Create repo location
# zfs set mountpoint=/opt/OS_Repo OS-Repo/FS_OS_Repo
# zfs get atime OS-Repo/FS_OS_Repo
# zfs set atime=off OS-Repo/FS_OS_Repo
# zfs get atime OS-Repo/FS_OS_Repo
b. Use the iso image or packages to build repo
Mount the ISO image as a filesystem.
$ mount -F hsfs <full_path_to>/sol-11_3_srunum_bldnum_respinnum-incr-repo.iso /mnt
or
Unzip the packages
# unzip -q p26339315_1100_Solaris86-64_1of4.zip
# unzip -q p26339315_1100_Solaris86-64_2of4.zip
# unzip -q p26339315_1100_Solaris86-64_3of4.zip
# unzip -q p26339315_1100_Solaris86-64_4of4.zip
c. Sync new package against the repo
# rsync -aP /opt/OS_Repo/Patch-Images/Oct-2017/publisher /opt/OS_Repo/
d. 4. Rebuild the index
# pkgrepo rebuild -s /opt/OS_Repo
# pkgrepo -s /opt/OS_Repo info
# pkgrepo list -s /opt/OS_Repo | grep entire
# pkgrepo -s /opt/OS_Repo/list entire
# pkg list -af entire
# pkg list entire
# pkg refresh --full
-----------------------------------
# pkg unset-publisher solaris
# pkg publisher
# pkg set-publisher -G '*' -g file:///opt/OS_Repo/ solaris
# pkg plublisher
# pkg info -r entire
# svcs -a | grep -i pkg/publisher
[ SYNC the extracted packages
tar cfE - S11_Repo_Files | ( cd /var/tmp/repo-bkup/ ; tar xfBp - )
]
# pkg update -nv
# pkg list -u
# pkg info -r entire
5. Apply new packages
# pkg update --no-be-activate --be-name alt03292017 --accept
6. Activate your BE and reboot the machine
# beadm activate aBE_01222018
# reboot
==================================================
B. Applying patch - upgrade
1. Make sure you have repo set up
# pkg publisher
a. if not set, set it
If an existing repository is not set, add the repository to the system.
Specify a New Publisher
$ pkg set-publisher -P -g http://pkg.example.com/release/ solaris
Here,
solaris -> new publisher
origin URI specified with -g option and
sets the publisher to be first in the search order.
The -P option or the --search-first option to set the specified publisher first in the search order.
# pkg set-publisher -g file:///full_path_to_existing_s11_3_repo solaris
# pkg set-publisher -g http://192.168.10.64 solaris
Replace existing and set a new publisher
# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F http://192.168.10.64/
Command to change
# pkg set-publisher -G '*' -g http://192.168.10.64 solaris
root@ssoa-db-v06:~# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F http://192.168.10.64/
Adding and Changing Publisher Mirrors
# pkg set-publisher -m http://pkg.example.com/ solaris
-m -> adds a URI as a mirror for the specified publisher.
Note: You cannot access the content in a mirror repository unless the same
version of the same package also exists in an origin repository for that same publisher.
Configuring Publisher Keys and Certificates
$ pkg set-publisher -k /root/creds/example.key -c /root/creds/example.cert \
--approve-ca-cert /tmp/example_file.pem isvpub
-k -> to specify the client SSL key.
-c -> to specify the client SSL certificate.
--approve-ca-cert -> Use this option to add the specified certificate as a CA certificate that is trusted.
Enabling and Disabling Publishers
# pkg set-publisher --enable --search-before devtool isvpub
A newly added publisher is enabled by default.
The following command enables the isvpub publisher and sets it ahead of the devtool publisher in the search order.
If only one publisher is enabled, that publisher cannot be disabled.
Use the --disable option to disable a publisher. You can disable a publisher if origin is temporarily unreachable.
2. Check the version installed on your system.
# pkg list entire
NAME (PUBLISHER) VERSION IFO
entire 0.5.11-0.175.3.22.0.3.0 i--
In the version output, 0.5.11-0.175.3.22.0.3.0 indicates Solaris 11.3, SRU version 22, build 3, and no respin.
version format is
MOS and BugDB:
5-digit Release.Update.SRU.Build.Respin:
Note that "srunum" represents the number of this SRU
(for example, sru 11), "bldnum" represents the SRU build (for example,
build 2) and "respinnum" represents the respin number (0 if none):
2. Verify your have right publisher set up. If not change it.
# pkg
# pkgrepo -s /opt/OS_Repo info
PUBLISHER PACKAGES STATUS UPDATED
solaris 6230 online 2017-07-25T19:42:10.668045Z
# beadm list
BE Flags Mountpoint Space Policy Created
-- ----- ---------- ----- ------ -------
alt09192016 - - 96.07M static 2016-09-19 15:23
pBE_BK12142016 - - 97.40M static 2016-12-14 09:48
solaris - - 89.33M static 2016-07-28 11:20
solaris-1 NR / 57.72G static 2016-12-14 11:19
solaris-backup-1 - - 96.12M static 2016-12-12 08:39
3. Once you verify, create a new boot environment.
a. Use -u flag to list the only packages that are newer version.
# pkg list -u
b. Run pkg info -r entire to list the latest version available on repo.
# pkg info -r entire
c. if you see old version while running on client system, update again.
# pkg list -u
d. use the pkg update with -nv flag, for a Dry Run test. it will not update the system.
# pkg update -nv
d. Create a new boot environment and apply the update.
# pkg update --no-be-activate --be-name aBE_01222018 --accept
# pkg update --no-be-activate --be-name pBE_10202017 --accept
Packages to remove: 26
Packages to install: 13
Packages to update: 257
Mediators to change: 1
Create boot environment: Yes
Activate boot environment: No
Create backup boot environment: No
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 296/296 12403/12403 596.6/596.6 2.7M/s
PHASE ITEMS
Removing old actions 7248/7248
Installing new actions 6169/6169
Updating modified actions 10604/10604
Updating package state database Done
Updating package cache 283/283
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
A clone of alt05192017 exists and has been updated. To set the
new BE as the active one on next boot, execute the following
command as a privileged user and reboot when ready to switch to
the updated BE:
beadm activate pBE_07202017
Updating package cache 1/1
---------------------------------------------------------------------------
NOTE: Please review release notes posted at:
https://support.oracle.com/rs?type=doc&id=2045311.1
---------------------------------------------------------------------------
#
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.14.0.6.0:20161110T164958Z
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
# beadm list
BE Flags Mountpoint Space Policy Created
-- ----- ---------- ----- ------ -------
aBE07202017 - - 2.63G static 2017-07-31 15:33
alt09192016 - - 96.07M static 2016-09-19 15:23
pBE_BK12142016 - - 97.40M static 2016-12-14 09:48
solaris - - 89.33M static 2016-07-28 11:20
solaris-1 NR / 57.72G static 2016-12-14 11:19
solaris-backup-1 - - 96.12M static 2016-12-12 08:39
#
# mkdir /alt
# beadm mount aBE07202017 /alt
# beadm rename aBE07202017 aBE_07202017
# beadm list
BE Flags Mountpoint Space Policy Created
-- ----- ---------- ----- ------ -------
aBE_07202017 - - 2.63G static 2017-07-31 15:33
alt09192016 - - 96.07M static 2016-09-19 15:23
pBE_BK12142016 - - 97.40M static 2016-12-14 09:48
solaris - - 89.33M static 2016-07-28 11:20
solaris-1 NR / 57.72G static 2016-12-14 11:19
solaris-backup-1 - - 96.12M static 2016-12-12 08:39
# beadm activate aBE_07202017
# beadm list
BE Flags Mountpoint Space Policy Created
-- ----- ---------- ----- ------ -------
aBE_07202017 R - 61.98G static 2017-07-31 15:33
alt09192016 - - 96.07M static 2016-09-19 15:23
pBE_BK12142016 - - 97.40M static 2016-12-14 09:48
solaris - - 89.33M static 2016-07-28 11:20
solaris-1 N / 2.30M static 2016-12-14 11:19
solaris-backup-1 - - 96.12M static 2016-12-12 08:39
# virtinfo -a
#
Removing a Publisher
Use the pkg unset-publisher command to remove a publisher.
# pkg publisher
# pkg unset-publisher solaris
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Oct 2017
# beadm list
# pkg publisher
# pkg set-publisher -G '*' -g http://214.38.139.236 solaris
# pkg update --no-be-activate --be-name pBE_10202017 --accept
# pkg list entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.19.0.5.0:20170407T231931Z
# beadm list
# beadm activate pBE_10202017
# beadm list
==========================================
C. Troubleshooting
-----------------------------------------------
Troubleshooting
1. Extract your packages
# unzip p27283240_1100_SOLARIS64_1of5.zip
# unzip p27283240_1100_SOLARIS64_2of5.zip
# unzip p27283240_1100_SOLARIS64_3of5.zip
# unzip p27283240_1100_SOLARIS64_4of5.zip
# unzip p27283240_1100_SOLARIS64_5of5.zip
2. Sync your packages against your repo.
# rsync -aP /opt/OS_Repo/Patch-Images/Jan-2018/publisher /opt/OS_Repo/
3. Rebuild the index
# pkgrepo rebuild -s /opt/OS_Repo/
4. List current package version
# pkg list entire
entire 0.5.11-0.175.3.25.0.3.0 i--
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
5. List the available package version on repo
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
# pkgrepo -s /opt/OS_Repo info
solaris 6362 online 2018-01-23T19:19:53.861572Z
6. List all package version available on repo.
# pkgrepo list -s /opt/OS_Repo | grep entire
solaris entire 0.5.11,5.11-0.175.3.28.0.4.0:20180105T170943Z
solaris entire 0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
solaris entire 0.5.11,5.11-0.175.3.19.0.5.0:20170407T231931Z
solaris entire 0.5.11,5.11-0.175.3.14.0.6.0:20161110T164958Z
solaris entire 0.5.11,5.11-0.175.3.1.0.5.0:20151006T140051Z
# pkg list -af entire
# pkg list -u
pkg: no packages have newer versions available
Note: Some reason, I am not geting updated repo to install. Installation says no new packages are available.
But I have already synced the new packages.
Troubleshooting steps.
7. List available and unset (remove) them.
# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///opt/OS_Repo/11.3/
puppetlabs.com origin online F file:///var/tmp/puppet-agent%401.10.5%2C5.11-1.sparc.p5p/
# pkg unset-publisher solaris
Updating package cache 1/1
# pkg unset-publisher puppetlabs.com
Updating package cache 1/1
8. Check the property of repo server
# svcprop pkg/server
.....
pkg/inst_root astring /opt/OS_Repo/11.3/
.....
restarter_actions/enable_complete time 1509666826.309413000
Note: pkg/inst_root is set to /opt/OS_Repo/11.3 while its supposed to be /opt/OS_Repo
Now, we are going to change it.
# ls -l /opt/OS_Repo/
total 35
drwxr-xr-x 3 root root 8 Nov 1 22:38 11.3
-rw-r--r-- 1 root root 3440 Apr 10 2017 COPYRIGHT
-rw-r--r-- 1 root root 1626 Apr 10 2017 NOTICES
drwxr-xr-x 4 root root 4 Jan 23 10:37 Patch-Images
-rwxr-xr-x 1 root root 3097 Apr 10 2017 README-repo-iso.txt
-rw-r--r-- 1 root root 389 Apr 10 2017 pkg5.repository
drwxr-xr-x 3 root root 3 Jan 23 10:47 publisher
-rw-r--r-- 1 root root 704 Apr 10 2017 readme.txt
root@ssbx-mg-v201:~# cd /opt/OS_Repo/11.3/
# ls
COPYRIGHT NOTICES README-repo-iso.txt pkg5.repository publisher readme.txt
# svccfg -s pkg/server setprop pkg/inst_root=/opt/OS_Repo
# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
# svcadm refresh pkg/server
# svcadm restart pkg/server
9. Now, set the publisher
# pkg set-publisher -G '*' -g file:///opt/OS_Repo/ solaris
# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///opt/OS_Repo/
10. You should be able to see the update. Verify the version available on the repo.
# pkg list -u
NAME (PUBLISHER) VERSION IFO
audio/audio-utilities 0.5.11-0.175.3.20.0.3.0 i--
consolidation/X/X-incorporation 0.5.11-0.175.3.24.0.3.1539 i--
..................................
x11/server/xephyr 1.14.5-0.175.3.24.0.3.1539 i--
x11/server/xorg 1.14.5-0.175.3.24.0.3.1539 i--
x11/server/xvnc 1.1.0-0.175.3.24.0.3.1539 i--
# pkg list entire
NAME (PUBLISHER) VERSION IFO
entire 0.5.11-0.175.3.25.0.3.0 i--
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.28.0.4.0:20180105T170943Z
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
-----------------------------------------------
2. Add an additional origin to the existing solaris publisher.
$ pkg set-publisher -g file:///mnt solaris
3. Perform the update of the packages.
$ pkg update
Rebuild the search indexes for the repository.
# pkgrepo rebuild -s <full_path_to_existing_s11_3_repo>
If the repository is managed by pkgserv, restart the appropriate service.
# svcadm restart svc:/application/pkg/server:<your_repo_instance>
# pkg list -u
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
# chmod u+x install-repo.ksh
# zfs snapshot OS-Repo/FS_OS_Repo@07242017
# zfs list -t snapshot
NAME USED AVAIL REFER MOUNTPOINT
OS-Repo/FS_OS_Repo@07242017 0 - 27.7G -
# ./install-repo.ksh -d /opt/OS_Repo -v -c
Using sol-11_3-repo download.
IPS repository exists at destination /opt/OS_Repo
Current version: 0.175.3.19.0.5.0
Do you want to add to this repository? (y/n)[n]: y
Comparing checksums of downloaded files...done. Checksums match.
Uncompressing sol-11_3-repo_1of5.zip...done.
Uncompressing sol-11_3-repo_2of5.zip...done.
Uncompressing sol-11_3-repo_3of5.zip...done.
Uncompressing sol-11_3-repo_4of5.zip...done.
Uncompressing sol-11_3-repo_5of5.zip...done.
Repository can be found in /opt/OS_Repo.
Initiating repository rebuild.
Initiating repository verification.
You have new mail in /var/mail/root
#
======================================
root@srep-mg-v20:/opt/OS_Repo/Patch-Images/Oct-2017# pkgrepo -s /opt/OS_Repo list entire
PUBLISHER NAME O VERSION
solaris entire 0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
# pkg list -af entire
NAME (PUBLISHER) VERSION IFO
entire 0.5.11-0.175.3.25.0.3.0 ---
entire 0.5.11-0.175.3.22.0.3.0 i--
# rsync -aP /opt/OS_Repo/Patch-Images/Oct-2017/publisher /opt/OS_Repo
# pkg refresh --full
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///opt/OS_Repo/
# svcprop svc:/application/pkg/system-repository:default | grep config/host
config/host astring 127.0.0.1
# pkg rebuild-index
Building new search index 927/927
root@srep-mg-v01:/opt/OS_Repo/publisher/solaris/index# pkgrepo -s /opt/OS_Repo list | more
root@srep-mg-v01:/opt/OS_Repo/publisher/solaris/index# pkgrepo info -s /opt/OS_Repo
PUBLISHER PACKAGES STATUS UPDATED
solaris 6275 online 2017-11-14T19:43:29.452989Z
# pkg mediator ssh
# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///opt/OS_Repo/
# cd /opt/OS_Repo/publisher/solaris/index
# pkg search -l diagnostic/tcpdump
# pkgrepo refresh -s /opt/OS_Repo
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
# pkg refresh --full
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.25.0.3.0:20170929T211433Z
Go to client, and update the index ...
# pkg info entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
# pkg info -r entire
FMRI: pkg://solaris/entire@0.5.11,5.11-0.175.3.22.0.3.0:20170629T161458Z
# pkg list -u
Some ideas came from,
http://www.unixarena.com/2014/08/solaris-11-ips-repository-issues-and-fixes.html
if repo is not available to client machine, here is the steps to fix.
# pkg publisher
PUBLISHER TYPE STATUS P LOCATION
solaris origin online F file:///opt/OS_Repo/
# pkgrepo info -s /opt/OS_Repo
PUBLISHER PACKAGES STATUS UPDATED
solaris 6362 online 2018-01-23T19:19:53.861572Z
# svcs -a | grep application/pkg/server
disabled 18:52:01 svc:/application/pkg/server:default
# svcs -a | grep application/pkg/server
maintenance 10:31:46 svc:/application/pkg/server:default
# svcadm restart application/pkg/server
# svcs -a | grep application/pkg/server
maintenance 10:31:46 svc:/application/pkg/server:default
You have new mail in /var/mail/root
# svcs -a | grep application/pkg/server
maintenance 10:31:46 svc:/application/pkg/server:default
# svccfg -s pkg/inst_root application/pkg/server
svccfg: Pattern 'pkg/inst_root' doesn't match any instances or services
# svcprop -p pkg/inst_root application/pkg/server
/var/pkgrepo
# svccfg -s application/pkg/server setprop pkg/inst_root=/opt/OS_Repo
# svcprop -p pkg/inst_root application/pkg/server
/opt/OS_Repo
# svccfg -s application/pkg/server setprop /pkg/readonly=true
svccfg: Invalid property group name "".
# svccfg -s application/pkg/server setprop pkg/readonly=true
# svcadm refresh application/pkg/server
# svcadm restart application/pkg/server
# svcs -a | grep pkg/server
maintenance 10:31:46 svc:/application/pkg/server:default
# svcs -d svc:/application/pkg/server:default
STATE STIME FMRI
disabled 18:52:00 svc:/system/filesystem/autofs:default
online 18:52:38 svc:/milestone/network:default
online 18:52:41 svc:/system/filesystem/local:default
online 18:52:42 svc:/network/ntp:default
# svcs -D svc:/application/pkg/server:default
STATE STIME FMRI
disabled 18:52:01 svc:/application/pkg/depot:default
# svcadm enable svc:/application/pkg/depot:default
# svcs -D svc:/application/pkg/server:default
STATE STIME FMRI
offline 10:40:22 svc:/application/pkg/depot:default
# svcs -D svc:/application/pkg/server:default
STATE STIME FMRI
offline 10:40:22 svc:/application/pkg/depot:default
#
# ls -ld /opt/OS_Repo/
drwxr-xr-x 6 root root 11 Jan 24 10:10 /opt/OS_Repo/
# svcadm clear pkg/server
# svcs -a | grep pkg/server
online 10:43:40 svc:/application/pkg/server:default
#